<% '============================================================================= ' FILE: displaymachine.asp ' PURPOSE: Display detailed machine information with edit capability ' SECURITY: Parameterized queries, HTML encoding, input validation ' UPDATED: 2025-11-07 - Fixed for Phase 2 schema (machines + communications) '============================================================================= %> <% theme = Request.Cookies("theme") If theme = "" Then theme = "bg-theme1" End If '============================================================================= ' SECURITY: Validate machineid parameter '============================================================================= Dim machineid machineid = GetSafeInteger("QS", "machineid", 0, 1, 999999) IF machineid = 0 THEN objConn.Close Response.Redirect("default.asp") Response.End END IF '============================================================================= ' PHASE 2 SCHEMA: Query machines table with LEFT JOINs for optional data ' - No more pc/pc_network_interfaces/pc_dualpath_assignments tables ' - Use communications for network interfaces ' - Use machinerelationships for dualpath relationships ' - Use compliance for compliance data '============================================================================= strSQL = "SELECT machines.*, models.modelnumber, vendors.vendor, " & _ "businessunits.businessunit, machinetypes.machinetype " & _ "FROM machines " & _ "INNER JOIN models ON machines.modelnumberid = models.modelnumberid " & _ "INNER JOIN vendors ON models.vendorid = vendors.vendorid " & _ "INNER JOIN businessunits ON machines.businessunitid = businessunits.businessunitid " & _ "LEFT JOIN machinetypes ON models.machinetypeid = machinetypes.machinetypeid " & _ "WHERE machines.machineid = ?" Set rs = ExecuteParameterizedQuery(objConn, strSQL, Array(machineid)) ' Check if machine exists If rs.EOF Then rs.Close Set rs = Nothing objConn.Close Response.Redirect("default.asp") Response.End End If '============================================================================= ' Get primary network interface from communications table '============================================================================= Dim rsPrimaryNetwork, primaryIP, primaryMAC, primaryHostname, primaryInterface primaryIP = "" primaryMAC = "" primaryHostname = "" primaryInterface = "" ' Get hostname from machines table (for PCs) If Not IsNull(rs("hostname")) And rs("hostname") & "" <> "" Then primaryHostname = rs("hostname") & "" End If ' Query for primary network interface strSQL = "SELECT c.address, c.macaddress, c.interfacename " & _ "FROM communications c " & _ "INNER JOIN comstypes ct ON c.comstypeid = ct.comstypeid " & _ "WHERE c.machineid = ? AND ct.typename = 'Network_Interface' " & _ "AND c.isactive = 1 AND c.isprimary = 1 " & _ "LIMIT 1" Set rsPrimaryNetwork = ExecuteParameterizedQuery(objConn, strSQL, Array(machineid)) If Not rsPrimaryNetwork.EOF Then primaryIP = rsPrimaryNetwork("address") & "" If Not IsNull(rsPrimaryNetwork("macaddress")) Then primaryMAC = rsPrimaryNetwork("macaddress") & "" End If If Not IsNull(rsPrimaryNetwork("interfacename")) Then primaryInterface = rsPrimaryNetwork("interfacename") & "" End If End If rsPrimaryNetwork.Close Set rsPrimaryNetwork = Nothing ' If no primary, get the first network interface If primaryIP = "" Then strSQL = "SELECT c.address, c.macaddress, c.interfacename " & _ "FROM communications c " & _ "INNER JOIN comstypes ct ON c.comstypeid = ct.comstypeid " & _ "WHERE c.machineid = ? AND ct.typename = 'Network_Interface' " & _ "AND c.isactive = 1 " & _ "ORDER BY c.comid ASC LIMIT 1" Set rsPrimaryNetwork = ExecuteParameterizedQuery(objConn, strSQL, Array(machineid)) If Not rsPrimaryNetwork.EOF Then primaryIP = rsPrimaryNetwork("address") & "" If Not IsNull(rsPrimaryNetwork("macaddress")) Then primaryMAC = rsPrimaryNetwork("macaddress") & "" End If If Not IsNull(rsPrimaryNetwork("interfacename")) Then primaryInterface = rsPrimaryNetwork("interfacename") & "" End If End If rsPrimaryNetwork.Close Set rsPrimaryNetwork = Nothing End If '============================================================================= ' Query dualpath relationships from machinerelationships table '============================================================================= Dim rsDualpath, isDualpath, relatedMachineNumber, relatedMachineId isDualpath = False relatedMachineNumber = "" relatedMachineId = 0 strSQL = "SELECT mr.related_machineid, m2.machinenumber " & _ "FROM machinerelationships mr " & _ "INNER JOIN relationshiptypes rt ON mr.relationshiptypeid = rt.relationshiptypeid " & _ "INNER JOIN machines m2 ON mr.related_machineid = m2.machineid " & _ "WHERE mr.machineid = ? AND rt.relationshiptype = 'Dualpath' AND mr.isactive = 1 " & _ "LIMIT 1" Set rsDualpath = ExecuteParameterizedQuery(objConn, strSQL, Array(machineid)) If Not rsDualpath.EOF Then isDualpath = True relatedMachineId = rsDualpath("related_machineid") relatedMachineNumber = rsDualpath("machinenumber") & "" End If rsDualpath.Close Set rsDualpath = Nothing %>
" alt="Card image cap">
" alt="profile-image" class="profile">
<%=Server.HTMLEncode(rs("machinenumber") & "")%>
<%=Server.HTMLEncode(rs("vendor") & "")%>
<%=Server.HTMLEncode(rs("machinetype") & "")%>

<%=Server.HTMLEncode(rs("machinedescription") & "")%>

Configuration

Machine #:

Alias:

Hostname:

Location:

Vendor:

Model:

Type:

BU:

Controller:

Serial #:

IP Address:

VLAN:

Criticality:

Printer:

<% If isDualpath Then %>

Dualpath:

<% End If %>

<% Dim machineNumVal, aliasVal, hostnameVal, vendorValM, modelValM, machineTypeVal, buVal ' Get values and default to N/A if empty machineNumVal = rs("machinenumber") & "" If machineNumVal = "" Then machineNumVal = "N/A" aliasVal = rs("alias") & "" If aliasVal = "" Then aliasVal = "N/A" hostnameVal = primaryHostname If hostnameVal = "" Then hostnameVal = "N/A" vendorValM = rs("vendor") & "" If vendorValM = "" Then vendorValM = "N/A" modelValM = rs("modelnumber") & "" If modelValM = "" Then modelValM = "N/A" machineTypeVal = rs("machinetype") & "" If machineTypeVal = "" Then machineTypeVal = "N/A" buVal = rs("businessunit") & "" If buVal = "" Then buVal = "N/A" %>

<% If machineNumVal <> "N/A" Then %> <%=Server.HTMLEncode(machineNumVal)%> <% Else Response.Write("N/A") End If %>

<%=Server.HTMLEncode(aliasVal)%>

<% If hostnameVal <> "N/A" And primaryIP <> "" Then %> <%=Server.HTMLEncode(hostnameVal)%> <% Else Response.Write(Server.HTMLEncode(hostnameVal)) End If %>

<% ' Map location display Dim mapLeft, mapTop mapLeft = rs("mapleft") & "" mapTop = rs("maptop") & "" If mapLeft <> "" And mapTop <> "" Then Response.Write(" Shop Floor (" & Server.HTMLEncode(mapLeft) & ", " & Server.HTMLEncode(mapTop) & ")") Else Response.Write("N/A") End If %>

<%=Server.HTMLEncode(vendorValM)%>

<%=Server.HTMLEncode(modelValM)%>

<%=Server.HTMLEncode(machineTypeVal)%>

<%=Server.HTMLEncode(buVal)%>

<% ' Controller information ' Controller info commented out - not in simplified query ' If Not IsNull(rs("controller_vendor")) And rs("controller_vendor") & "" <> "" Then ' Dim controllerDisplay ' controllerDisplay = rs("controller_vendor") & "" ' If Not IsNull(rs("controller_model")) And rs("controller_model") & "" <> "" Then ' controllerDisplay = controllerDisplay & " " & rs("controller_model") & "" ' End If ' Response.Write("

" & Server.HTMLEncode(controllerDisplay) & "

") ' Else Response.Write("

N/A

") ' End If ' Serial number If Not IsNull(rs("serialnumber")) And rs("serialnumber") & "" <> "" Then Response.Write("

" & Server.HTMLEncode(rs("serialnumber") & "") & "

") Else Response.Write("

N/A

") End If ' IP Address If primaryIP <> "" Then Response.Write("

" & Server.HTMLEncode(primaryIP) & "

") Else Response.Write("

N/A

") End If ' VLAN If Not IsNull(rs("vlan")) And rs("vlan") & "" <> "" Then Response.Write("

VLAN " & Server.HTMLEncode(rs("vlan") & "") & "

") Else Response.Write("

N/A

") End If ' Asset Criticality If Not IsNull(rs("asset_criticality")) And rs("asset_criticality") & "" <> "" Then Dim criticalityBadge, criticalityVal criticalityVal = rs("asset_criticality") & "" Select Case UCase(criticalityVal) Case "HIGH" criticalityBadge = " High" Case "MEDIUM" criticalityBadge = "Medium" Case "LOW" criticalityBadge = "Low" Case Else criticalityBadge = Server.HTMLEncode(criticalityVal) End Select Response.Write("

" & criticalityBadge & "

") Else Response.Write("

N/A

") End If ' Printer data - check if exists (LEFT JOIN may return NULL) If Not IsNull(rs("printerid")) And rs("printerid") <> "" Then Dim printerNameVal printerNameVal = rs("printerwindowsname") & "" If printerNameVal = "" Then printerNameVal = "Printer #" & rs("printerid") Response.Write("

" & Server.HTMLEncode(printerNameVal) & "

") Else Response.Write("

N/A

") End If ' Dualpath information If isDualpath Then Response.Write("

" & Server.HTMLEncode(relatedMachineNumber) & "

") End If %>
Notes
Network Interfaces
<% '============================================================================= ' Query all network interfaces from communications table '============================================================================= strSQL2 = "SELECT c.address, c.macaddress, c.interfacename, c.isprimary, c.isdhcp " & _ "FROM communications c " & _ "INNER JOIN comstypes ct ON c.comstypeid = ct.comstypeid " & _ "WHERE c.machineid = ? AND ct.typename = 'Network_Interface' AND c.isactive = 1 " & _ "ORDER BY c.isprimary DESC, c.comid ASC" Set rs2 = ExecuteParameterizedQuery(objConn, strSQL2, Array(machineid)) If rs2.EOF Then Response.Write("") Else Do While Not rs2.EOF Dim interfaceNameVal, ipAddressVal, macAddressVal, isPrimaryVal, isDHCPVal interfaceNameVal = rs2("interfacename") & "" If interfaceNameVal = "" Then interfaceNameVal = "Unknown" ipAddressVal = rs2("address") & "" If ipAddressVal = "" Then ipAddressVal = "N/A" macAddressVal = rs2("macaddress") & "" If macAddressVal = "" Then macAddressVal = "N/A" isPrimaryVal = rs2("isprimary") isDHCPVal = rs2("isdhcp") Response.Write("") Response.Write("") Response.Write("") Response.Write("") If isDHCPVal = 1 Or isDHCPVal = True Then Response.Write("") Else Response.Write("") End If If isPrimaryVal = 1 Or isPrimaryVal = True Then Response.Write("") Else Response.Write("") End If Response.Write("") rs2.MoveNext Loop End If rs2.Close Set rs2 = Nothing %>
Interface IP Address MAC Address Type Primary
No network interfaces found
" & Server.HTMLEncode(interfaceNameVal) & "" & Server.HTMLEncode(ipAddressVal) & "" & Server.HTMLEncode(macAddressVal) & "DHCPStatic
Other Communications
<% '============================================================================= ' Query other communication types (Serial, IP, USB, etc.) '============================================================================= strSQL2 = "SELECT c.address, c.port, c.portname, c.description, c.baud, c.databits, c.stopbits, c.parity, ct.typename " & _ "FROM communications c " & _ "INNER JOIN comstypes ct ON c.comstypeid = ct.comstypeid " & _ "WHERE c.machineid = ? AND ct.typename != 'Network_Interface' AND c.isactive = 1 " & _ "ORDER BY ct.typename, c.comid ASC" Set rs2 = ExecuteParameterizedQuery(objConn, strSQL2, Array(machineid)) If rs2.EOF Then Response.Write("") Else Do While Not rs2.EOF Dim typeNameVal, addressVal, detailsVal, descriptionVal typeNameVal = rs2("typename") & "" addressVal = rs2("address") & "" ' Build details based on type detailsVal = "" If typeNameVal = "Serial" Then If Not IsNull(rs2("baud")) Then detailsVal = rs2("baud") & " baud" If Not IsNull(rs2("databits")) And rs2("databits") & "" <> "" Then If detailsVal <> "" Then detailsVal = detailsVal & ", " detailsVal = detailsVal & rs2("databits") & "N" & rs2("stopbits") & "" End If ElseIf typeNameVal = "IP" Then If Not IsNull(rs2("port")) Then detailsVal = "Port " & rs2("port") End If descriptionVal = rs2("description") & "" If descriptionVal = "" Then descriptionVal = "-" Response.Write("") Response.Write("") Response.Write("") Response.Write("") Response.Write("") Response.Write("") rs2.MoveNext Loop End If rs2.Close Set rs2 = Nothing %>
Type Address/Port Details Description
No other communications found
" & Server.HTMLEncode(typeNameVal) & "" & Server.HTMLEncode(addressVal) & "" & Server.HTMLEncode(detailsVal) & "" & Server.HTMLEncode(descriptionVal) & "
Machine Relationships
<% '============================================================================= ' Query machine relationships from machinerelationships table '============================================================================= strSQL2 = "SELECT mr.related_machineid, mr.relationship_notes, rt.relationshiptype, m2.machinenumber " & _ "FROM machinerelationships mr " & _ "INNER JOIN relationshiptypes rt ON mr.relationshiptypeid = rt.relationshiptypeid " & _ "INNER JOIN machines m2 ON mr.related_machineid = m2.machineid " & _ "WHERE mr.machineid = ? AND mr.isactive = 1 " & _ "ORDER BY rt.relationshiptype, m2.machinenumber" Set rs2 = ExecuteParameterizedQuery(objConn, strSQL2, Array(machineid)) If rs2.EOF Then Response.Write("") Else Do While Not rs2.EOF Dim relationshipTypeVal, relatedMachineVal, notesVal relationshipTypeVal = rs2("relationshiptype") & "" relatedMachineVal = rs2("machinenumber") & "" notesVal = rs2("relationship_notes") & "" If notesVal = "" Then notesVal = "-" Response.Write("") Response.Write("") Response.Write("") Response.Write("") Response.Write("") rs2.MoveNext Loop End If rs2.Close Set rs2 = Nothing %>
Relationship Type Related Machine Notes
No relationships found
" & Server.HTMLEncode(relationshipTypeVal) & "" & Server.HTMLEncode(relatedMachineVal) & "" & Server.HTMLEncode(notesVal) & "
Compliance & Security
Management & Access

Third Party Managed:

<% If Not IsNull(rs("is_third_party_managed")) And rs("is_third_party_managed") & "" <> "" Then Dim thirdPartyVal thirdPartyVal = rs("is_third_party_managed") & "" If UCase(thirdPartyVal) = "YES" Or thirdPartyVal = "Yes" Then Response.Write("Yes") ElseIf UCase(thirdPartyVal) = "NO" Or thirdPartyVal = "No" Then Response.Write("No") Else Response.Write(Server.HTMLEncode(thirdPartyVal)) End If Else Response.Write("Not Specified") End If %>

Managed By:

<% If Not IsNull(rs("third_party_manager")) And rs("third_party_manager") & "" <> "" Then Response.Write(" " & Server.HTMLEncode(rs("third_party_manager") & "") & "") Else Response.Write("Not Specified") End If %>

Last Scan:

<% If Not IsNull(rs("scan_date")) And rs("scan_date") & "" <> "" Then Response.Write(Server.HTMLEncode(rs("scan_date") & "")) Else Response.Write("Never Scanned") End If %>

Scan Result:

<% If Not IsNull(rs("scan")) And rs("scan") & "" <> "" Then Response.Write(Server.HTMLEncode(rs("scan") & "")) Else Response.Write("N/A") End If %>

OT Asset Information

OT Asset System:

<% If Not IsNull(rs("ot_asset_system")) And rs("ot_asset_system") & "" <> "" Then Response.Write(Server.HTMLEncode(rs("ot_asset_system") & "")) Else Response.Write("Not Specified") End If %>

OT Device Type:

<% If Not IsNull(rs("ot_asset_device_type")) And rs("ot_asset_device_type") & "" <> "" Then Response.Write(Server.HTMLEncode(rs("ot_asset_device_type") & "")) Else Response.Write("Not Specified") End If %>

MFT:

<% If Not IsNull(rs("mft")) And rs("mft") & "" <> "" Then Response.Write(Server.HTMLEncode(rs("mft") & "")) Else Response.Write("Not Specified") End If %>

Deployment Notes:

<% ' TEXT fields in MySQL require special handling in classic ASP Dim deploymentNotesValue On Error Resume Next deploymentNotesValue = "" If Not IsNull(rs("deployment_notes")) Then deploymentNotesValue = rs("deployment_notes").Value End If On Error Goto 0 If deploymentNotesValue <> "" And Not IsNull(deploymentNotesValue) Then Response.Write("" & Server.HTMLEncode(deploymentNotesValue) & "") Else Response.Write("No deployment notes") End If %>

<% '============================================================================= ' SECURITY: Use parameterized query for installed applications '============================================================================= strSQL2 = "SELECT app.appname, ia.version " & _ "FROM installedapps ia " & _ "INNER JOIN applications app ON ia.appid = app.appid " & _ "WHERE ia.machineid = ? AND ia.isactive = 1 " & _ "ORDER BY app.appname ASC" Set rs2 = ExecuteParameterizedQuery(objConn, strSQL2, Array(machineid)) If rs2.EOF Then Response.Write("") Else Do While Not rs2.EOF Dim appNameVal, versionVal appNameVal = rs2("appname") & "" versionVal = rs2("version") & "" If versionVal = "" Then versionVal = "N/A" Response.Write("") Response.Write("") Response.Write("") Response.Write("") rs2.MoveNext Loop End If rs2.Close Set rs2 = Nothing %>
Application Name Version
No applications installed
" & Server.HTMLEncode(appNameVal) & "" & Server.HTMLEncode(versionVal) & "
<% ' Clean up rs.Close Set rs = Nothing objConn.Close Set objConn = Nothing %>